August 06, 2002
U.S. Postmaster also investigating Verisign?
Also interesting...I've always thought that stock bull boards were rather useless. Yahoo's board on VRSN has proven me wrong. Links to copies of the actual letters themselves can be found here and here.
MS the new industry leader in security?
"Analyst: Microsoft on verge of security blitz. Move could displace sector leaders" says Infoworld. And this one on the heels of Shatter. I suppose things could be stranger today...
FTC Probes Verisign Marketing - Take II
An updated story has been filed by Reuters that sorts out some of the vagaries concerning the source of the story...Verisign's comments still pretty much confirm the facts that the story lays out, so I'm still saying "hold on to your hats ladies and gents, this is about to get interesting..."
Unfortunately, no original editorial at this point - other than the standard regurgi-fed items...
FTC Probes VeriSign Marketing
Not much to say about this one other than the obvious which is to note that the FTC web site doesn't have much to say on the subject...
On one hand, Reuters is a very credible source for this story, but on the other, "a source close to the probe" doesn't really make it a "fact" in my mind.
Regardless, my personal conjecture is that this story is spot on (Verisign pretty much confirms it in the article). It will be interesting to see what further commentary develops within industry circles.
If it is true, it will be interesting to see what the findings are and whether or not Verisign re-uses their "government contractor immunity" defence that has served them very well in the past (or whether it would even be relevant as my layman's understanding of the pgMedia case is that it was anti-trust specific...come to think of it...would they qualify for anti-trust immunity now?) The Interland reference is also interesting, especially given some of the prior associations that the news media has made. (Hmm...let's hope a lawyer with some insight decides to fire up his or her blog machinery and answer some of these tough questions...:).
There is one thing for certain, there is going to be much to be said on the subject over the coming months...
(Hmm...I suppose that there was a bit to say on this one ;)
Wed, 07 Aug 2002 02:16:44 GMT
Mmm...so Bill is the mole, Dot wins and now I can go to bed early. Hopefully this show doesn't go into repeats...
Wed, 07 Aug 2002 02:13:14 GMT
Ahh well...guess that means that Bill is the mole...stupid game.
Wed, 07 Aug 2002 02:09:44 GMT
For the last bazillion weeks people have been getting themselves booted from the show because they had no idea who the mole is...and they are supposed to be able to answer that question now? Dumb start... Who cares...
Wed, 07 Aug 2002 02:03:54 GMT
Okay...so who is the mole... More mindless commentary over the next hour as the only show I watch comes to an end...
Sorry for the lack of updates over the last few days...I was purposely
out of range of my computer for three straight days. Anyways, nice to be
back....
Slashdot is running an interesting essay entitled "Exploiting design flaws in the Win32 API for privilege escalation. Or...Shatter Attacks - How to break Windows."
As the paper states, "The flaws presented in this paper are, at the time
of writing, unfixable. The only reliable solution to these attacks
requires functionality that is not present in Windows, as well as
efforts on the part of every single Windows software vendor. This
research was sparked by comments made by Microsoft VP Jim Allchin who
stated, under oath, that there were flaws in Windows so great that they
would threaten national security if the Windows source code were to be
disclosed. He mentioned Message Queueing, and immediately regretted it.
However, given the quantity of research currently taking place around
the world after Mr Allchin's comments, it is about time the white hat
community saw what is actually possible."
Microsoft's response?
"...if I understand things correctly, the attack you describe either
requires the user to run an attacker's program on their system or the
attacker needs to have access to the user's system. I would recommend
that you contact the program's owner and let them know of your report.
There may or may not be a vulnerability for them to address, but the
program's owner should determine that."
It makes me wonder whether or not there is any connection between the
publication of this note and Microsoft's recent move to release their
source and APIs prior to the formal final settlement approval or if
it's just a coincidence. Presumably, issuing API and source
documentation that refutes this protects the "integrity" of the
product...if it's a coincidence and Chris is right, then the Windows
world is in for a whole mess of trouble...